fielded capability: end-to-end vpn a sek-13-3-q.pdf · top secret//comint//rel usa, aus, can, gbr,...
TRANSCRIPT
Fielded Capability: End-to-End VPN SPIN 9 Design Review
The overall classification for this brief is: TOPSECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
MAT A Sek-13-3-q.pdf, Blatt 1
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Current Fielded Capability
• (TS//SI//REL) All current TURMOIL Virtual Private Network (VPN) capabilit ies are fielded as Spin 6 Red Architecture software running on Red Architecture hardware.
VPN Metadata
Red TEC No capability after Blue transition
on 17-Sep YRS
SSO
MHS L ive
MHS Dev
No capability
No capability
Red
No capability
VPN D e c r y p t i o n Red
No capability after Blue transition on 17-Sep
No capability
No capability
Red
No capability
T O P RFC:RFT//r:OMINT//RFI USA AMR H A N ORR M7I //?fl3?nirifi 2
MAT A Sek-13-3-q.pdf, Blatt 2
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Spin 9 Objectives
• (S//SI//REL) The Spin 9 Objective for the TURBULENCE (TU) VPN Private capability is to transition to the Blue Architecture.
(S//SI//REL) Spin 9 VPN will implement a redesign of the decryption f low that reallocates some functionality between TURMOIL, the VPN Attack Orchestrator (VAO), and the VPN Metrics service.
(U) Deliver all capabilit ies as deployable at the end of Spin 9.
T O P RFC:RFT//r:OMINT//RFI USA AMR H A N ORR M7I //?fl3?nirifi 3
MAT A Sek-13-3-q.pdf, Blatt 3
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Capabilities
(TS//SI//REL) The TU VPN capability will implement an operational capability to detect and decrypt selected communicat ions that are encrypted using IP security ( IPsec) algorithms and protocols. It will forward the unencrypted content to follow-on processing systems.
(TS//SI//REL) The TU VPN capability will collect metadata about IPsec Internet
Key Exchange (IKE) events and forward the metadata to follow-on SIGINT
Development (SIGDEV) systems.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 4
MAT A Sek-13-3-q.pdf, Blatt 4
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U//FOUO) Exploited Protocols
(TS//SI//REL) IPsec a u t o m a t i c key m a n a g e m e n t p r o t o c o l s establish security associations between communicants. A s e c u r i t y a s s o c i a t i o n (SA) is a relationship between a source and a destination that includes a session key and other parameters. The VPN capability exploits the following key management protocols:
• (U) ISAKMP - Internet Security Associat ion and Key Management Protocol (RFC2407, RFC2408) provides the authentication and key exchange framework.
• (U) IKE - Internet Key Exchange (RFC2409) provides the authentication and key exchange mechanisms.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 5
MAT A Sek-13-3-q.pdf, Blatt 5
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U//FOUO) Exploited Protocols (continued)
(TS//SI//REL) IPsec s e c u r i t y p r o t o c o l s provide integrity, confidentiality, and authentication for higher layer IP protocols. IPsec security protocols use security associations previously established either manually or by automatic key management protocols (IKE). The VPN capability targets SA's that are established by IKE. The VPN capability exploits the following security protocol:
• (U) ESP - Encapsulating Security Payload (RFC2406) provides traffic confidentiality (via encryption) and optionally provides authentication and integrity protection.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl?!?f11f1fi 6
MAT A Sek-13-3-q.pdf, Blatt 6
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) IPsec Operation ( A l i c e s Bob)
ISAKMP/IKE Phasel Unencrypted Handshake ISAKMP/IKE Phasel ISAKMP
SA ISAKMP/IKE Phase2 ^ E n c r y p t e d H a n d s h a k e ̂ ISAKMP/IKE Phase2 I
Security Association
Database
Alice @ IP Source
Security Association
Database
ISAKMP SA
i N ESP Cleartext ESP Cleartext > B o b @ IP Destination
• (U) An SA is identified by a 4-tuple <SrclP, DstIP, SPI , SecurityProtocol>, where the SPI (Secur i ty Parameter Index) is chosen by DstIP for SA uniqueness.
• (U) The Bi-directional ISAKMP SA is negotiated in P h a s e l and protects the ESP key negotiations in Phase2.
• (U) A Uni-directional ESP SA is negotiated in Phase2 and is used to protect the user's cleartext.
• (U) Reverse communicat ion (Bob •=> Alice) requires a separate ESP SA and is negotiated using the same ISAKMP SA as used for (Alice •=> Bob).
T O P RFC:RFT//r:OMINT//RFI USA AMR H A N ORR M7I //?fl?!?f11f1fi 7
MAT A Sek-13-3-q.pdf, Blatt 7
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) IPsec Modes
r IP Hdr: Src=A, Dst -B ESP Header Encrypted Data ESP Trailer
(U) T r a n s p o r t M o d e • (U) Original IP Header is preserved
• (U) ESP Header and Trailer encapsulate and encrypt remaining IP Packet
i t \<Security GatewayV^ Internet
IP Hdr: Src=F A , Dst=F E ESP Header Encrypted IP Hdr: Src=A, Dst=B Encrypted Data ESP Trailer
(U) T u n n e l M o d e
• (U) Security Gateway at source encapsulates, encrypts, and adds new IP Header to original packet.
• (U) Security Gateway at destination recovers and forwards original packet.
• (U) Identities of traffic source and destination is concealed
• (U) Extra padding also may be added to hide packet size T O P RFORFT/ /OOMINT/ /RF I IJ RA AMR OAN ORR M7I //?fl8?ri1 flft 8
MAT A Sek-13-3-q.pdf, Blatt 8
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(S//SI//REL) TU VPN Products
X (TS//SI//REL) B u n d l e d d e c r y p t are the decrypted packets from an ESP Security Associat ion prior to any session or application processing.
• (TS//SI//REL) S e s s i o n i z e d d e c r y p t e d p a c k e t s are the decrypted packets that have been recursively processed by the TURMOIL Stage 1 sessionizer for SIGDEV.
• (S//SI//REL) Se lected a p p l i c a t i o n s e s s i o n s are the recursed TURMOIL sessions that have been selected by KEYCARD strong selection and subsequently processed by TURMOIL Stage 2 application processing.
• (S//SI//REL) IPsec m e t a d a t a are derived from IKE events for VPN SIGDEV.
• (S//SI//REL) VPN m e t r i c s are produced by CES CA components for internal use.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl8?ri1 flft 9
MAT A Sek-13-3-q.pdf, Blatt 9
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(S//SI//REL) TU VPN Product Dataflows
X (TS//SI//REL) B u n d l e d d e c r y p t are delivered directly to WEALTHYCLUSTER 2.0 (WC2.0) v ia TUBE from TURMOIL as packets for application processing that is not available in TURMOIL.
• (TS//SI//REL) S e s s i o n i z e d d e c r y p t e d p a c k e t s are delivered without selection (full-take) to XKEYSCORE from TURMOIL for target SIGDEV.
(S//SI//REL) Se lected a p p l i c a t i o n s e s s i o n s are delivered to PRESSUREWAVE via TUBE format conversion and EXOPUMP where data and metadata object are created and inserted into PWV for legacy analytics and analysis tools.
• (S//SI//REL) IPsec m e t a d a t a are delivered to TOYGRIPPE via PWV where an analytic converts IPsec metadata to TGIF format and pushes it to TOYGRIPPE.
(S//SI//REL) VPN m e t r i c s are delivered to CA Resources by the TURMOIL PIQ blade via CES firewall.
Reference: VPN Spin 9 Dataflows
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?n3?ri1 f lf i 10
MAT A Sek-13-3-q.pdf, Blatt 10
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(S//SI//REL) TU VPN Product Retrieval Mechanisms
X (S//SI//REL) WC2.0
• An analyst uses the AGILITY interface on WC2.0 to view selected traffic as the intended recipient would see it. ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
• (S//SI//REL) PRESSUREWAVE
• The PRESSUREWAVE analytic and standing query pulls, reformats, and pushes metadata objects to TOYGRIPPE.
• (S//SI//REL) TOYGRIPPE
• A SIGDEV analyst uses the TOYGRIPPE query interface to pull VPN metadata.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR N 7 I / / ? f 1 3 ? n i n 8 11
MAT A Sek-13-3-q.pdf, Blatt 11
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U//FOUO) Selection Mechanisms • (S//SI//REL) P r o t o c o l Se lec t ion - Identify VPN traffic in IP traffic
• IKE: version=4, 0x05<hdrl_en<0xff, nxtProtocol=17, srcPort=500, dstPort=500
• ESP: version=4, hdrl_en=5, nxtProtocol=50
• (S//SI//REL) S e s s i o n Se lec t ion - Identify session packets in VPN traffic
• IKE: srclP, dstIP, srcPort, desPort, nxtProtocol (5-tuple)
• ESP: srclP, dstIP, SPI
• (TS//SI//REL) Target Se lec t ion - Identify, select, and task target in VPN sessions
• K E Y C A R D performs target selection lookup with IP selectors
• K E Y C A R D lookup result determines tasking disposit ion:
• Not TRANSFORM (no action)
• TRANSFORM (decrypt)
• TRANSFORM+SURVEY (decrvot and send to XKEYSCORE)
• T R A N S F O R M + F O R W A R I ^ d a a ^ a m J send to WC2.0)
• TRANSFORM+SURVEY+FORWARD (decrypt and send to X K E Y & WC2.0)
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?nirifi 12
MAT A Sek-13-3-q.pdf, Blatt 12
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Design Constraints
(TS//SI//REL) Spin 9 VPN will use the following components:
Capab i l i t y C o m p o n e n t
PIQ-Blade
F u n c t i o n
Extends the CES enclave to TURMOIL for decryption and other CA processing
VPN Identification
and Decryption
VPN Metadata
XWC2.0
VPN Attack Orchestrator
(VAO)
TOYGRIPPE
Receive bundled decrypt for application processing
Provides IKE / ESP matching functionality. It communicates with the PIQ-Blade and is located behind the CES Firewall.
Receives VPN SOTF Metadata via PRESSUREWAVE
Deve loper
CES/ESO
TU
CES/SAO/ Txx
CES/ESO
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 13
MAT A Sek-13-3-q.pdf, Blatt 13
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Delivery Constraints
(TS//SI//REL) Spin 9 VPN will use the following delivery mechanisms:
Capab i l i t y
VPN Identification
and Decryption
M VPN
Metadata
P r o d u c t
X Bundled decrypt for WC2.0
Sessionized decrypted packets from TURMOIL Data Store to
XKEYSCORE
VPN IKE setup metadata for PRESSUREWAVE
VPN IKE setup metadata for TOYGRIPPE
Format
SOTF
SOTF
SOTF
TGIF
M e c h a n i s m
MAILORDER
Socket
Socket via TUBE and EXOPUMP
MAILORDER via VPN Analytic
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl8?f11f1ft 14
MAT A Sek-13-3-q.pdf, Blatt 14
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Management Constraints
• (S//SI//REL) All VPN deployments must be approved by Chief CES
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 15
MAT A Sek-13-3-q.pdf, Blatt 15
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Second and Third Party Constraints
(TS//SI//REL) Spin 9 VPN identification and decryption capability will not deploy
to Third Party TU Sites.
(U//FOUO) Spin 9 VPN metadata capability will deploy to all TU sites.
T O P RFC:RFT//r:OMINT//RFI USA AMR H A N ORR M7I //?fl3?nirifi 16
MAT A Sek-13-3-q.pdf, Blatt 16
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) What Spin 9 VPN wil l do
• (S//SI//REL) Packet De tec t ion
• Detect IKE exchanges
• Detect ESP packets
• (S//SI//REL) IPsec Metadata F l o w
Bundle all detected IKE with SRI and send to PWV
Reference: VPN Spin 9 Sequence Diagram
T O P RFC:RFT//r:OMINT//RFI USA AMR H A N ORR M7I //?fl3?niri8 17
MAT A Sek-13-3-q.pdf, Blatt 17
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) What Spin 9 VPN wil l do (continued)
• (TS//SI//REL) ESP D e c r y p t i o n F l o w
• When IKE exchange is observed, lookup IP addresses in KEYCARD. If tasked for collection, forward to VAO.
• When ESP is observed, lookup IP addresses in KEYCARD. If tasked for collection, request key from VAO.
• If decrypt key is provided by VAO, decrypt ESP packet.
• Send VPN decrypt metrics to CES VPN Metrics Service in CA Enclave.
• Recurse decrypted packets to find identifiers tasked for T U R M OL processing.
• Send selected sessions to PWV via TUBE and EXOPUMP.
• Sessionize all decrypted packets and pass to XKEYSCORE for SIGDEV.
XB Forward all decrypted packets to WC2.0 for additional application processing.
• Process only Tunnel mode ESP packets.
T O P RFORFT/ /OOMINT/ /RF I MRA AMR OAN ORR M7I //?fl8?f11f1ft 18
MAT A Sek-13-3-q.pdf, Blatt 18
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) What Spin 9 VPN wil l not do
• (S//SI//REL) Wi l l n o t p r o c e s s IPsec in o t h e r p r o t o c o l i m p l e m e n t a t i o n s
• Will not perform pattern-based IKE / ESP detection.
• Will not process TCP/500, UDP/4500, or TCP/4500 implementations.
• Will not process IKEv2 (RFC4306).
• (S//SI//REL) Wi l l n o t p r o c e s s non- IPsec based VPNs • TU VPN capability will only process IPsec based VPNs.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl8?f11f1ft 19
MAT A Sek-13-3-q.pdf, Blatt 19
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) End-to-end test
• (TS//SI//REL) IKE and ESP test packets must use coordinated security associations
• (S//SI//REL) Use both synthetic (lab generated) and live collect test data
• (S//SI//REL) Live test data may only be processed through PIQ blade
• (TS//SI//REL) Test data characterization must include:
• 5-tuples (sourcelP, des t ina t ion^ , protocol, sourcePort, destinationPort)
• Number of IKE packets
• Number of ESP packets
• Unencrypted ESP payload content
T O P RFORFT/ /OOMINT/ /RF I MRA AMR OAN ORR M7I //?fl3?niri8 20
MAT A Sek-13-3-q.pdf, Blatt 20
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Test S c e n a r i o s
•(S//SI/ /REL) "Sunny Day" Scenarios. Single VPN with all IKE/ESP packets available and VPN Match. Exercise KEYCARD tasking option combinations.
• (TS//SI//REL) Transform - Decrypt to PRESSUREWAVE; IKE to TOYGRIPPE
• (TS//SI//REL) Transform & Survey - Decrypt to PRESSUREWAVE & XKEYSCORE; IKE to TOYGRIPPE
• (TS//SI//REL) Transform & Forward - Decrypt to PRESSUREWAVE & XWEALTHYCLUSTER 2.0; IKE to TOYGRIPPE
• (TS//SI//REL) Transform & Survev & Forward - Decrypt to PRESSUREWAVE, XKEYSCORE, X WEALTH YCLUSTER 2.0; IKE to TOYGRIPPE
• (S//SI//REL) Not Transform - IKE to TOYGRIPPE
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 21
MAT A Sek-13-3-q.pdf, Blatt 21
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Test S c e n a r i o s ( c o n t i n u e d )
• (U) Failure Scenarios.
• (TS//SI//REL) ESP Decryption fails because bad key is returned by VAO.
• (S//SI//REL) VAO responds with no key recovered.
• (S//SI//REL) VAO key response t imeout.
• (S//SI//REL) VAO key response received after response t imeout.
• (S//SI//REL) VAO response received after TDS hold time expires and ESP is not available.
• (S//SI//REL) Phase 1 and Phase 2 IKE is complete, but no ESP is collected.
• (S//SI//REL) ESP is collected, but no IKE is collected.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl8?f11f1ft 22
MAT A Sek-13-3-q.pdf, Blatt 22
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Fielded Capability Upgrade
(U) Test S c e n a r i o s ( c o n t i n u e d )
• (S//SI//REL) Miscellaneous Scenarios.
• (S//SI//REL) Multiple, rapid (< 30 second) Phase 2 re-keys for same initiator / responder pair.
• (S//SI//REL) Two VPN sessions collected concurrently for same IP source.
• (TS//SI//REL) Decryption f low can be disabled.
• (S//SI//REL) IKE Metadata flow can be disabled.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl?!?f11f1fi 23
MAT A Sek-13-3-q.pdf, Blatt 23
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108 VPN Spin 9 Development & Integration Activities
Metadata Flow
Decryption Subflow: IKE & ESP Sessions to TDS
Decryption Subflow: PIQ Blade processing ML l&T (TML + APP)
Decryption Subflow: process and recurse decrypted packets
Decryption Flow
TU l&T
VPN Analytic
TML l&T Decrypt (APP) - 1 9 Oct
VAO (CE^/S^p) p p F A p p ( A P P ) & sessionizei^or I K H M t ^
VPN Metrics (CES)
TDS (TML)
TOP R F n R F T / / r r i M i N T / / R F i i J S A A U ? ; H A N O R R M 7 i //?ri3?riiri8 iBridge (TML) T M I IÄT (TMI + A P P 1 24
MAT A Sek-13-3-q.pdf, Blatt 24
TOP SECRET//COMINT//20320108
VPN SPIN 9 Dataflows
XKEYSCORE
Internet Key Exchange (IKE)
_VPN7 T Socket Connection C: Sessionized Decrypted Packets F: SOTF
VPNS T: Socket Connection C: IKE Records F: SOTF
, aVPN6 " T: Socket Connection
C: Selected Application Sessions* F: SOTF
VPN9* T: MAILORDER C: Selected Application Sessons* F: SOTF
VPN8 T: MAILORDER C: IKE Records F: SOTF
Note * Selected Application Sessions are identified and selected from the decrypted packets extracted
from the VPN tunnel and inserted into the TURMOIL input stream.
EXOPUMP
Encapsulating Security Payload (ESP)
TURMOIL
PIQ Blade
KEYCARD Interface Key T = Transport C = Content F = Format
VPN1 T: Socket Connection C: Selector Hit Query/Response F: Binary
Dataflow Key Selector Lookup VPN Metrics PIQ Blade Monitoring ESP Key Request/Response IKE Messages Selected Application Sessions IKE Records Sessionized Decrypted Packets
J/PN2 _ _ "T: Secure Socket (SSL)
C: VPN Metrics F: SOAP
_VPN18 ~T: Secure Socket (SSL)
C: PIQ Blade Monitoring F: WebSA
VPN3 , T: Secure Socket (SSL) C: ESP Key Requet/Response F:SOAP
«VPN4 _ _ *T: Secure Socket (SSL) C: IKE Messages F: SOAP
CD $ CD -t—' CCS
CD
X CO LU
O
CD
35
CO LU
o
VPN Metrics
CES Watch
VAO
VPN11 ' T: ITx (JMS)
C: Selected Appl Sessions* F: XML/SOTF
_VPN10 T: ITx (JMS) C: IKE Records
PRESSURE-WAVE
METROTUBE
VPN12 T: ITx (JMS) C: IKE Records F: SOTF
VPN Analytic VPN13 T: MAILORDER C: IKE Records F: TGIF
TOYGRIPPE
TOP SECRET//COMINT//20320108 25
MAT A Sek-13-3-q.pdf, Blatt 25
TOP SECRET//COMINT//20320108
VPN SPIN 9 Metadata Dataflows o Internet Key Exchange (IKE)
TUBE VPN5 T: Socket Connection C: IKE Records F: SOTF
VPN8 T: MAILORDER C: IKE Records F: SOTF
1 EXOPUMP
TURMOIL
Interface Key T = Transport C = Content F = Format
Dataflow Key
IKE Records
VPN10 T: ITx (JMS) C: IKE Records F: XML/SOTF
PRESSURE-WAVE
METROTUBE
VPN12 T: ITx (JMS) C: IKE Records F: SOTF
VPN Analytic
TOYGRIPPE.
VPN13 T: MAILORDER C: IKE Records F: TGIF
TOP SECRET//COMINT//20320108 26
MAT A Sek-13-3-q.pdf, Blatt 26
TOP SECRET//COMINT//20320108
VPN SPIN 9 Decrypt Dataflows
XKEYSCORE
— Internet Key Exchange (IKE)
Encapsulating Security Payload (ESP)
TURMOIL
TUBE
VPN7 T: Socket Connection C: Sessionized Decrypted Packets F: SOTF
KEYCARD
2
Interface Key T = Transport C = Content F = Format
VPN1 T: Socket Connection C: Selector Hit Query/Response F: Binary
_VPN6 T: Socket Connection C: Selected Application Sessions* F: SOTF
VPN9 T: MAILORDER C: Selected Application Sessons* F: SOTF
t EXOPUMP
Note * Selected Application Sessions are identified and selected from the decrypted packets extracted
from the VPN tunnel and inserted into the TURMOIL input stream.
PIQ Blade
VPN2
Dataflow Key Selector Lookup VPN Metrics PIQ Blade Monitoring ESP Key Request/Response IKE Messages
Selected Application Sessions
Sessionized Decrypted Packets
T: Secure Socket (SSL) C: VPN Metrics F: SOAP
_VPN18 "T: Secure Socket (SSL) C: PIQ Blade Monitoring F: WebSA
VPN3 " t : Secure Socket (SSL) C: ESP Key Requet/Response F: SOAP
.VPN4 — _ "T: Secure Socket (SSL) C: IKE Messages F: SOAP
>, CO CD -I—» CO
Ü
X CO LU u
CO
CO LU
o
VPN Metrics
CES Watch
VPN 11 T: ITx (JMS) C: Selected Appl Sessions* F: XML/SOTF PRESSURE-
WAVE
27
MAT A Sek-13-3-q.pdf, Blatt 27
Stage 0 TURMOIL KEYCARD TUBE
TOP SECRET//COMINT//20320108 XKEYSCORE EXOPUMP VAO PWv VPN Metrics VPN Analytic CES Watch TOYGRIPPE
IKE Packet
Aggregate/Sessionize;
IKE Metadata-( J ) )KE Metadata-
TRANSFORM or (TRANSFORM * " and SURVEY) '
ÖIKE Select Query *
_ L IKEse lec t ,
. I Response™ Aggregate
IKE Metadata-
ESP Packet"
(H) •IKE Messages-
-VPN Metfics (SOAP)-
TRANSFORM or (TRANSFORM i and.SU RVEY)
SP Select Query
ESP Selec! Response"
!
_J Aggregate -ESP Key Request-
-VPN Metrics (SOAP)-
Key Recovered
•ESP Key Response-
Decryption
® -VPN Metrics (SOAP)-
if (TRANSFORM andSURVEY) Recursion for Sessionization
essionized Decrypted Packet:
if (TRANSFORM) Recursion for Tunnel Selection and Application Processing i i
Selected Application Sessions"
i
Selected
CM)
y Applicatio i Sessions
•IKE Metadata-
Selected Application Sessions"
•PIQ Blade Monitoring
( J > 1 IKE Metadata-
0 Socket
(J) MAILORDER
4) ISLANDTRANSPORT (JMS)
H Secure Socket Layer (HTTPS)
TOP SECRET//COMINT//20320108 28
MAT A Sek-13-3-q.pdf, Blatt 28
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN Spin 9 Metadata Design Details
Mission Application }
T O P RFf*:RFT//r :nMINT / /RFI USA AMR H A N ORR M7I //?n3?ri1 f lf i 29
MAT A Sek-13-3-q.pdf, Blatt 29
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
VPN Spin 9 Decryption Design Details
Metadata EventGen
erator
Pacta! Procwdng Framework
Stage 0
DFID Allocator
G e n e r a t o r * ^
DFCE <bus>
Sessionizer
WC2
Mailorder Router Service
Packet Data Keyword Management
Session Data
^ §0 Iff
SIGDEV 1 VL/C 1 sessions
T D K Component
T O P S F C R F T / / C n M I N T / / R F I I ISA AUS C A N GRR M7I / /?n3? f ) i na 30
MAT A Sek-13-3-q.pdf, Blatt 30
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
VPN3
VPN4
VPNS
VPN8
VPN9
VPN 12
VPN Spin 9 Interfaces Source
TURMOIL
PIQ Blade
PIQ Blade
PIQ Blade
TML Home
Destination
KEYCARD
CES
CES VAO
CES VAO
TUBE
Content
Selector Query/Response
VPN Metrics
ESP Crypto-variable Request/Response
IKE Message
IKE Data/Metadata
Format
Binary
SOAP/HTTPS
SOAP/HTTPS
SOAP/HTTPS
SOTF
VPN6 TML Home TUBE » ^ 5 2 ^ & *™ VPN7 TML Home XKEYSCORE
TUBE
TUBE
VPN 10 EXOPUMP
VPN11 EXOPUMP
PWV
EXOPUMP
EXOPUMP
PWV
PWV
VPN Analytic
Decrypted Session
IKE Data/Metadata
Selected Session, Decrypted & Recursively Processed
IKE Data/Metadata
Selected Session, Decrypted & Recursively Processed
IKE Data/Metadata
VPN 13 VPN Analytic TOYGRIPPE
VPN 14 TML Home TEC WC2.0
IKE Data/Metadata
Bundled Decrypt
SOTF
SOTF
SOTF
SOTF
SOTF
SOTF
TGIF
SOTF
;d
Schema / ICD
cns.xsd
VPNMetrics.xsd
VAOESP.xsd
VAOIKE.xsd
DataBundleOutput.> VPNDataBundle.xsd
TURMOIL/core VPNDecrypt.xsd
TURMOIL/core VPNDecrypt.xsd
DataBundleOutput.xsd VPNDataBundle.xsd
TURMOIL/core VPNDecrypt.xsd
DataBundleOutput.xsd VPNDataBundle.xsd
PWV Schema
TURMOIL/core VPNDecrypt.xsd
PWV Schema
DataBundleOutput.xsd VPNDataBundle.xsd
r V u V o C r i c l l l c l
TGIF ICD
TURMOIL/core VPNDecrypt.xsd
Changes Transport
No Socket
Yes Socket (SSL)
Yes Socket (SSL)
Yes Socket (SSL)
Yes Socket
Yes
Yes
Yes
Yes
Yes
Yes
No
Socket
Socket
Yes MAILORDER
MAILORDER
ITx
ITx
ITx
MAILORDER
Yes MAILORDER
31 T O P RFORFT/ /OOMINT/ /RF I IJSA Al JS OAN ORR M7I //?n3?fnflft
MAT A Sek-13-3-q.pdf, Blatt 31
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
I VPN Specific BME
protocolNamespace 900667 str ing
keyExchange
espspi
nextProtocol
appID
ikeCookie
ikePayload
survey
protocol
600533 str ing
55002 uint32
37007 uintB
114000 str ing
900633 str ing
900632 str ing
900790 str ing
2001 String
xxxxxxxx-xxxx xxxx-xxxx-
xxxxxxxxxxxx
' ipsec/ike'
'IKE'
xxxxxxxx
IPTUNNEL=4
'vpn/esp'
8 chars
68 chars
'vpn/esp'
'vpn/esp'
• Recursed packets XKEYSCORE session
• WC2.0 decrypt
• PWV Metadata
• PWV Metadata
XKEYSCORE session • WC2.0 decrypt
XKEYSCORE session • WC2.0 decrypt
XKEYSCORE session • WC2.0 decrypt
• PWV Metadata
PWV Metadata
16-byte Universally Unique ID that associates IPsec packets in processing history
Identify IPsec as transport protocol layer
Flags IPsec IKE event
4-byte SPI f rom ESP packet
Identifies IP Tunnel in processing history
Identifies VPN/ESP in XKEYSCORE Session
Destination cookie f rom IKE packet
Raw payload extracted f rom IKE packet
Identifies VPN/ESP in protocol history as weakly XKEYSCORE session selected indicating session should not be
forwarded to PRESSUREWAVE.
• Recursed packets XKEYSCORE session Identifies VPN in processing history
• WC2.0 decrypt
T O P RFORFT/ /OOMINT/ /RF I USA AMR H A N ORR M7I //?n.^?fl1flft 32
MAT A Sek-13-3-q.pdf, Blatt 32
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
Questions?
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?n3?niflS 33
MAT A Sek-13-3-q.pdf, Blatt 33
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
Background
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?n.^?fl1flft 34
MAT A Sek-13-3-q.pdf, Blatt 34
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
| KEYCARD
(U) Inputs
• (U) Application ID: VPN
• (U//FOUO) Raw Selectors: IP addresses of sessions carrying the IKE exchange
• (U) Context: Packet IP addresses both source and destination (properly identified) with realm derived from network universe
(U) Processing
• (S//SI//REL) Lookup raw selectors and report hit/no-hit results.
• (S//SI//REL) Return tasking for hits.
(U) Outputs • (U//FOUO) Evaluated Selectors:
• Hit or No-Hit indicators • Target match data if necessary
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I / /?f l8?ri1 flft 35
MAT A Sek-13-3-q.pdf, Blatt 35
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
TURMOIL VPN Metadata Processing
(U) Inputs • (U) Raw packets
(U) Processing • (S//SI//REL) Detect IKE exchanges at UDP source and destination ports 500 • (S//SI//REL) Extract IP addresses, responder cookie, message ID, ISAKMP
payload
• (S//SI//REL) Bundle all IKE detect messages with SRI
(U) Outputs • (S//SI//REL) SOTF object containing metadata and IKE packets
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?fl3?f11flft 36
MAT A Sek-13-3-q.pdf, Blatt 36
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
TURMOIL VPN Decrypt Processing
(U) Inputs • (U) Raw packets
• (U) Selection results from KEYCARD
(U) Processing • (S//SI//REL) Detect ESP packets and extract IP addresses and SPI • (S//SI//REL) Match tasked IKE exchange packets with an ESP packet stream • (S//SI//REL) Generate UUID and assign to VPNID for unique exchange ID • (S//SI//REL) Send Crypto-variable Request to the CES V A O • (TS//SI//REL) If the key is returned, decrypt the ESP packets • (TS//SI//REL) Send decrypt metrics to the CES VPN Metrics service • (TS//SI//REL) Recurse all decrypted packets from the VPN. • (TS//SI//REL) Sessionize all decrypted packets, pass sessions to XKEYSCORE X (TS//SI//REL) Forward all decrypted packets to a WC2.0 for application processing.
(U) Outputs X (TS//SI//REL) Decrypted packets to a WC2.0 • (TS//SI//REL) Decrypt metrics to VAO • (TS//SI//REL) Sessionized decrypted packets to XKEYSCORE • (S//SI//REL) Selected application SOTF
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?fl3?f11f1ft 37
MAT A Sek-13-3-q.pdf, Blatt 37
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
XKEYSCORE
(U) Inputs • (S//SI//REL) Sessionized collect in SOTF format.
(U) Processing • (S//SI//REL) Recovers and archives session content. Databases metadata for query by analysts. XKEYSCORE can also perform keyword scanning and optionally forward selected data back to PINWALE. Presence tips can also be sent to TRAFFICTHIEF.
T O P S F C R F T / / C D M I N T / / R F I I ISA AUS C A N GRR N7I / /?n3? f ) i na 38
MAT A Sek-13-3-q.pdf, Blatt 38
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
i TUBE (ID and Decryption) ion) (U) Inputs • (U) SOTF objects.
(U) Processing • (C//SI//REL) Defragments fragmented sessions, creating an SOTF object with the
complete session. • (C//SI//REL) Examines the BME to determine if the session should go to PWV. • (C//SI//REL) Creates a new SOTF object, placing the received or defragged
SOTF object into the data section. The BME of the newly created object contains classification metadata*, as well as certain fields such as session ID and signalUpTime replicated from the BME of the original received SOTF object.
* NOTE: Classification metadata needs more discussion to determine appropriate origination. TURMOIL may assume some responsibilities.
• (U) Determines appropriate routing (MAILORDER FDI) and forwards the new SOTF object to EXOPUMP via MAILORDER.
• (U) Optionally (configurable) wrap multiple objects destined for EXOPUMP/PWV into one MAILORDER file to reduce the number of individual files transmitted.
(U) Outputs
• (U) SOTF objects.
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?fl3?niri8 39
MAT A Sek-13-3-q.pdf, Blatt 39
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
1 TUBE (Metadata) (U) Inputs
• (U) SOTF objects.
(U) Processing • (C//SI//REL) Examines the BME to determine if the session should go to PWV. • (U) Determines appropriate routing (MAILORDER FDI) and forwards the new
SOTF object to EXOPUMP via MAILORDER. • (U) Optionally (configurable) wrap multiple objects destined for EXOPUMP/PWV
into one MAILORDER file to reduce the number of individual files transmitted.
(U) Outputs
• (U) SOTF objects.
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?f11flft 40
MAT A Sek-13-3-q.pdf, Blatt 40
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
EXOPUMP
(U) Inputs
• (U) SOTF object from TUBE via MAILORDER.
(U) Processing
• (U) Extracts metadata from SOTF records for PWV XML metadata.
• (U) Inserts SOTF objects and XML metadata into PWV.
(U) O u t p u t s
• (U) PRESSUREWAVE metadata object.
T O P S F C R F T / / C D M I N T / / R F I I ISA AUS C A N GRR N7I / / ? n 3 ? n i f ) 8 4 1
MAT A Sek-13-3-q.pdf, Blatt 41
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
PRESSUREWAVE
(U) Inputs • (S//SI//REL) VPN metadata including IKE payload objects with associated
metadata represented in XML. • (U//FOUO) Selected application data objects with associated metadata
represented in xml.
(U) Processing • (S//SI//REL) PWV hosts a persistent (or standing) query created by the VPN
analytic. When new metadata arrives that matches the query, the VPN analytic is notified and pulls the associated metadata and IKE packets for further processing.
• (U//FOUO) PWV serves as data store for TU analytics
(U) Outputs • (S//SI//REL) The metadata and IKE packets are forwarded to VPN analytic via
ITx (JMS messaging service).
T O P S F C R F T / / C D M I N T / / R F I I ISA AUS C A N GRR N7I / / ? n 3 ? n i f ) 8 42
MAT A Sek-13-3-q.pdf, Blatt 42
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
) VPN Analytic
(U) Inputs • (S//SI//REL) Persistent query to detect VPN metadata/IKE packets in
PRESSUREWAVE • (S//SI//REL) SOTF files containing IKE packets
(U) Processing • (U//FOUO) Convert SOTF to TGIF records
(U) Outputs • (S//SI//REL) MAILORDER files with TGIF records containing intercepted IKE
packets
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?f11f1ft 43
MAT A Sek-13-3-q.pdf, Blatt 43
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
TOYGRIPPE
(U) Inputs • (U//FOUO) TGIF ("The Grand Input Format") records based on TML collected metadata.
(U) Processing • (U//FOUO) TOYGRIPPE 3.2 system accepts TGIF files sent by MAILORDER as bundled "tar" files. • (TS//SI//REL) TOYGRIPPE unbundles, validates, and stores the VPN metadata from the TGIF files into a database for later access by Analysts primarily through a web browser interface. TOYGRIPPE supports data processing and storage for PPTP and IPSec VPN metadata records.
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?fl3?f11flft 44
MAT A Sek-13-3-q.pdf, Blatt 44
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
VAO
(U) Inputs • (S//SI//REL) IKE packets
• (S//SI//REL) ESP Crypto-variable (CV) Requests
(U) Processing
• (S//SI//REL) Generates ESP SA CV's from IKE packets
• (S//SI//REL) Matches ESP SA CV requests with generated CV's
• (S//SI//REL) Responds to ESP SA CV requests
(U) O u t p u t s * • (S//SI//REL) ESP Crypto-variable Response
* Note: VAO requests that multiple ESP packets also be sent for each session
T O P RFORFT/ /OOMINT/ /RF I USA AMR OAN ORR M7I //?fl3?niri8 45
MAT A Sek-13-3-q.pdf, Blatt 45
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZL//20320108
VPN Metrics
(U) Inputs • (S//SI//REL) PIQ Blade VPN Processing Metrics
(U) Processing
(S//SI//REL) Internal to CES/CA Enclave
T O P S F C R F T / / C D M I N T / / R F I I ISA AUS C A N GRR N7I //?f)8?fl1flft 46
MAT A Sek-13-3-q.pdf, Blatt 46
TOP SECRET//COMINT//REL USA, AUS, CAN, GBR, NZU/20320108
XWEALTHYCLUSTER 2.0
(U) Inputs • (S//SI//REL) Bundled decrypted packets in SOTF format v ia MAILORDER.
(U) Processing • (U) Signal identification
• (S//SI//REL) Protocol recognition, processing and sessionization
• (C//SI//REL) Application identification and processing
• (C//SI//REL) Link characterization aggregation
• (U//FOUO) Filtering, selection, and forwarding
• (U//FOUO) Strong selection
• (S//SI//REL) Persona session association
• (S//SI//REL) Session association
• (S//SI//REL) IP Decompression
• (S//SI//REL) Contact chaining
T O P RFORFT/ /OOMINT/ /RF I IJSA Al JR OAN ORR M7I //?fl3?f11f1ft 47
MAT A Sek-13-3-q.pdf, Blatt 47